TCPA and Compliance

Work From Home Webinar Series.

Convoso teamed up with attorneys Michele Shuster and Lisa Messner of Mac Murray & Shuster for a 30 minute presentation in this second of our popular Work From Home [WFH] webinar series. Over 100 people tuned in to learn about legal considerations of operating a remote call center.*

Here you’ll find some of the essential points covered in the presentation, hosted by Convoso CEO Nima Hakimi, to help keep your virtual call center operation legally compliant. Check out the webinar in the video below for details not covered in this summary.

[If you missed our first webinar on setting up a WFH call center and managing the productivity of remote agents, you can read the summary and watch the video in our blog.]

Develop a Remote Work Plan

Remote work is here to stay.

The work from home model represents cost-savings and flexibility in the hiring pool. For many call centers, a remote operation may be the new normal. It’s time now, if you weren’t doing it before, to give thought and consideration to a comprehensive set of policies and procedures.

One of the first things employers need to do is familiarize themselves with the newly-passed Families First Coronavirus Act, an amendment to the existing Family Medical Leave Act [FMLA]. Employers with fewer than 50 employees must provide two weeks’ worth of paid sick leave if employees are unable to work because they’re subject to quarantine or isolation, are experiencing symptoms of COVID-19, are caring for someone who is in quarantine or isolation, and/or have children in schools that have closed. Some hardship exemptions exist for companies with fewer than 30 employees.

Employers also receive tax credits to offset the costs of providing this paid leave.

Increases in unemployment benefits.

Extending the unemployment benefits can be very helpful when companies want to keep their employees, but need to temporarily cut staff by layoffs or furlough.

Record Hours Worked. Track via dialer, keep records 3 years.

It’s the employer’s legal obligation to track the time and the hours employees are working. In some states, meal periods are mandatory. For a remote call center, your employees may track time through a dialer system. Training is essential to make sure they understand how to track their time accurately, so they’re not working off the clock, or logging hours for work when they’re not working. Keep time records a minimum of three years.

“In terms of policies, procedures, privacy, all those things, what you need to do from an employment standpoint is training, training, training. And make sure your employees understand what their guidelines are and what that obligation looks like.” —Lisa Messner

When Employees Return to the Office

Communicate On-site Safety Measures

Screenings and Privacy

You need to implement some type of screening method. Keep in mind that the employees have privacy protections covered by The Americans with Disabilities Act [ADA] and/or state disability discrimination statutes.

Handling Sick Employees

Employees who get sick should be sent home, and instructed not to return until they’re symptom-free for at least 24 hours. Privacy issues apply in terms of identity disclosure. Should the returning employee need some kind of accommodation, for example more frequent breaks for oxygen due to post respiratory illness, the employer is under obligation to provide that accommodation in accordance with the ADA.

Downsizing

If you should need to downsize employees as your operation returns to the office, make sure you document the decisions through measurable and objective standards, such as seniority or quantifiable performance issues.

Risk Assessment – Privacy & Compliance

A risk assessment is critical. It reveals privacy concerns you should have about your remote call center operation. Take a look at the different regulations imposing privacy restrictions (e.g., GDPR, HIPAA, GLBA, other consumer protection laws) and what security measures are considered adequate to protect the privacy of sensitive consumer information.

“You have to look at what the risk type is. Is it that we’d be violating the law? Is it that if we had some type of privacy breach that it would damage our reputation? Are we concerned about identity theft? Is it trade secrets? You have to analyze.” —Lisa Messner, Parter, MacMurray & Shuster

Collecting Information

What are your business objectives for collecting information? Ask strategic questions about what information you collect and why. And then review what controls you have in place, which are still needed based on the requirements of the laws, and document your conclusions.

Tech Concerns

Assess what kind of controls or lack of controls are in the home. Consider internet connection/WiFi, firewalls, data encryption, and use of personal computers/devices, which can pose an increased risk of ransomware, malware and other security vulnerabilities.

Home Environment

Protect data from inadvertent access of others in the home environment, including overheard phone conversations by people and personal assistant devices such as Alexa, Google Home & Siri. Documents left out in public areas of the home or put on unsecured removable media (e.g., flash drives, CDs, DVDs), as well as not adhering to systems such as a Clean Desk policy can also be an issue. Training will be critical here.

Mitigation Steps

Determine what can be done to mitigate the risks identified by your risk assessment, and develop a comprehensive set of policies and procedures. Establish minimum security requirements like prohibiting the use of public WiFi, encrypting whole drives, using work-issued devices instead of personal devices, and maintaining robust IT assistance so employees don’t self help.

Be sure to document the solutions, policies, and procedures you establish.

“Your best line of defense to prevent data breaches and other privacy breaches that can be very costly both in terms of reputation and statutory fines is to make sure you’re training your agents so that they understand where the vulnerabilities are.” — Michele Shuster

TCPA Violations

You need to do the same level of risk analysis and mitigation for TCPA compliance as you do for privacy, with documented and defendable positions for all of your campaigns.

Affidavits for WFH Agents

You’ll need to have written agreements with agents you’re allowing to work at home. Those agreements should specify what type of things can and cannot be done in the work at home environment. You need to document everything from IT controls to the types of action that can be taken on the computer. Agents working from home need to sign that they have read and understood the policies, and that the work at home situation is a privilege and not a right and can be revoked at any time.

Compliance Safeguards Your Dialer Should Be Providing

Never has it been more important to have technological support to make sure you’re compliant. Whether it’s scrubbing against Do Not Call lists, conforming to individual state laws, applying tools to avoid over-dialing, or protecting your caller ID reputation.

State-by-State Compliance

Every state has different requirements. There are state-specific disclosures and restricted call times, days of the week, and specific holidays. For example, your dialer should not be making a call to anyone in Alabama on the first Monday in June because it’s Jefferson Davis Day. In some states, the agent needs to give their full name, or their address, while in others, they can’t rebuttal.

You want to be sure your dialer is up-to-date with all the rules. As an example, in response to Covid-19, New York now has rules restricting calls if you don’t have an existing business relationship.

“I can’t imagine how an agent can remember which disclosures to use, especially with changes going on all the time. At Convoso we implement smart scripting capability which, based on recognizing the state that the call is either coming from or going out to, displays the appropriate disclosures into the script.” —Nima Hakimi, CEO

Contact Center Compliance Solutions

Convoso offers a contact center solution that’s proactive around helping you to stay compliant with a number of compliance-focused features, such as scrubbing against an internal Do Not Call list, more advanced lead redial/recycle logic to maximize contact rates while making sure that you’re not overdialing your leads, and integration with third-party compliance solutions such as ActiveProspect, TrustedForm, or Jornaya.

Q&A

The question and answer period continued for another 15 minutes following the 30-minute webinar presentation. Be sure to listen to the whole webinar to hear even more information on this topic as the attorneys answer participant questions.

Lisa Messner is a partner at Mac Murray & Shuster, where she leads the firm’s litigation practice area.

Focus on consumer protection and privacy laws and regulations.

Has successfully defended highly-regulated businesses of all sizes in class actions, complex commercial litigation, and government enforcement actions.

*Nothing in this webinar or summary is meant to convey legal advice. You should consult an attorney for legal guidance on compliance matters.

At Convoso, we’ve supported remote call centers for many years. To learn more about transitioning traditional call centers of 10 seats of more to remote operations, request a demo or call 888-456-5454.

Follow us on LinkedIn to be the first to know about our upcoming e-book and webinars.

Lift Contact Rates 30-300%

See for yourself how Convoso’s contact center software can dramatically improve your performance.